Book Image

Hands-On Penetration Testing with Python

By : Furqan Khan
Book Image

Hands-On Penetration Testing with Python

By: Furqan Khan

Overview of this book

With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers. Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python. By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits.
Table of Contents (18 chapters)

Clickjacking

Clickjacking is an attack in which the attacker overlays a custom-made attack page on a legitimate website or web page. Consider the same scenario as mentioned in the case of the CSRF attack. The web page that can delete all the users can be made transparent in such a way that the buttons on the page are not visible to the user. What is visible, therefore, is an attack page below the transparent layer of a legitimate web page. An attacker can craft a web page, for example, that displays iPhone offers and that might have a button that says win iPhone now placed under the transparent button delete all users. Thus, when a victim, the admin user, thinks they are clicking on a win iPhone button, they are actually clicking on the transparent button that deletes all users from the database.

One of the ways for a website to prevent itself from Clickjacking is by implementing...